Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
Grandstream UCM6200 Series CTI Interface - 'user_password' SQL Injection
CVE-2020-572631 mar 2020
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A rem
23RISCO
abrir
Exploit-DB
DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit)
CVE-2019-2049931 mar 2020
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Config
60RISCO
abrir
Exploit-DB
IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit)
CVE-2019-4716CRITICALsob ataque31 mar 2020
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated use
100RISCO
abrir
Exploit-DB
SharePoint Workflows - XOML Injection (Metasploit)
CVE-2020-0646CRITICALsob ataque31 mar 2020
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.N
100RISCO
abrir
Exploit-DB
Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation
CVE-2020-0796CRITICALsob ataqueransomware30 mar 2020
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RISCO
abrir
Exploit-DB
Multiple DrayTek Products - Pre-authentication Remote Root Code Execution
CVE-2020-8515CRITICALsob ataque30 mar 2020
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow
100RISCO
abrir
Exploit-DB
TP-Link Archer C50 3 - Denial of Service (PoC)
CVE-2020-937526 mar 2020
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a
28RISCO
abrir
Exploit-DB
LeptonCMS 4.5.0 - Persistent Cross-Site Scripting
CVE-2020-1270725 mar 2020
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only secur
23RISCO
abrir
Exploit-DB
UCM6202 1.0.18.13 - Remote Command Injection
CVE-2020-5722CRITICALsob ataque24 mar 2020
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RISCO
abrir
Exploit-DB
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
CVE-2020-1038524 mar 2020
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.
23RISCO
abrir
Exploit-DB
UliCMS 2020.1 - Persistent Cross-Site Scripting
CVE-2020-1270424 mar 2020
UliCMS before 2020.2 has PageController stored XSS.
23RISCO
abrir
Exploit-DB
VMware Fusion 11.5.2 - Privilege Escalation
CVE-2020-3950HIGHsob ataque20 mar 2020
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for
86RISCO
abrir
Exploit-DB
Broadcom Wi-Fi Devices - 'KR00K Information Disclosure
CVE-2019-1512618 mar 2020
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal
23RISCO
abrir
Exploit-DB
Rconfig 3.x - Chained Remote Code Execution (Metasploit)
CVE-2019-1950917 mar 2020
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a
60RISCO
abrir
Exploit-DB
ManageEngine Desktop Central - Java Deserialization (Metasploit)
CVE-2020-10189CRITICALsob ataque17 mar 2020
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted d
100RISCO
abrir
Exploit-DB
Rconfig 3.x - Chained Remote Code Execution (Metasploit)
CVE-2020-1022017 mar 2020
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php
60RISCO
abrir
Exploit-DB
Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC)
CVE-2020-0796CRITICALsob ataqueransomware14 mar 2020
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RISCO
abrir
Exploit-DB
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
CVE-2020-937212 mar 2020
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or
23RISCO
abrir
Exploit-DB
rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution
CVE-2020-10221HIGHsob ataque12 mar 2020
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands vi
83RISCO
abrir
Exploit-DB
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
CVE-2020-937112 mar 2020
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php
23RISCO
abrir
Exploit-DB
rConfig 3.9 - 'searchColumn' SQL Injection
CVE-2020-1022012 mar 2020
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php
60RISCO
abrir
Exploit-DB
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
CVE-2020-8866MEDIUM11 mar 2020
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmai
33RISCO
abrir
Exploit-DB
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
CVE-2020-8865MEDIUM11 mar 2020
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webma
33RISCO
abrir
Exploit-DB
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
CVE-2020-8866MEDIUM11 mar 2020
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmai
33RISCO
abrir
Exploit-DB
Joomla! 3.9.0 < 3.9.7 - CSV Injection
CVE-2019-1276511 mar 2020
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
28RISCO
abrir
Exploit-DB
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
CVE-2020-8865MEDIUM11 mar 2020
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webma
33RISCO
abrir
Exploit-DB
Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution
CVE-2020-851810 mar 2020
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execu
60RISCO
abrir
Exploit-DB
Nagios XI - Authenticated Remote Command Execution (Metasploit)
CVE-2019-15949HIGHsob ataque10 mar 2020
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios
100RISCO
abrir
Exploit-DB
Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit)
CVE-2015-183009 mar 2020
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5
60RISCO
abrir
Exploit-DB
Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)
CVE-2019-5825MEDIUMsob ataque09 mar 2020
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploi
90RISCO
abrir
anteriorpágina 46 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.